From c878dd3e5a3286dcbcaae8dc97d167358ffa8642 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 9 Mar 2012 14:21:41 +0000
Subject: [PATCH] doing a dummy test for --os-shell in case of xp_cmdshell

---
 lib/controller/checks.py    |  2 +-
 lib/takeover/abstraction.py | 18 ++++++++++++++++++
 plugins/generic/misc.py     |  2 ++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 9549996a9..0c279c8d0 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -562,7 +562,7 @@ def checkFalsePositives(injection):
             retVal = None
 
         if retVal is None:
-            warnMsg = "false positive and/or unexploitable injection point detected"
+            warnMsg = "false positive or unexploitable injection point detected"
             logger.warn(warnMsg)
 
         kb.injection = popValue()
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 33fe286ed..0ac60f166 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -10,14 +10,19 @@ See the file 'doc/COPYING' for copying permission
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
+from lib.core.common import isNoneValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import pushValue
 from lib.core.common import readInput
+from lib.core.common import popValue
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.shell import autoCompletion
+from lib.core.threads import getCurrentThreadData
 from lib.takeover.udf import UDF
 from lib.takeover.web import Web
 from lib.takeover.xp_cmdshell import xp_cmdshell
@@ -108,6 +113,19 @@ class Abstraction(Web, UDF, xp_cmdshell):
                 infoMsg += "operating system command execution"
                 logger.info(infoMsg)
 
+                threadData = getCurrentThreadData()
+                pushValue(threadData.disableStdOut)
+                threadData.disableStdOut = True
+
+                output = self.evalCmd("echo 1")
+                if isNoneValue(output):
+                    errMsg = "it seems that the temporary directory ('%s') used for storing " % self.getRemoteTempPath()
+                    errMsg += "console output at the back-end OS does not have "
+                    errMsg += "writing permissions for the DBMS process. You are advised "
+                    errMsg += "to manually adjust it with option '--tmp-path'"
+                    raise sqlmapGenericException, errMsg
+
+                threadData.disableStdOut = popValue()
             else:
                 errMsg = "feature not yet implemented for the back-end DBMS"
                 raise sqlmapUnsupportedFeatureException, errMsg
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index 0b766b507..b42ac91f0 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -60,6 +60,8 @@ class Miscellaneous:
 
         hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath)
 
+        return conf.tmpPath
+
     def getVersionFromBanner(self):
         if "dbmsVersion" in kb.bannerFp:
             return